XML-RPC Interface Vulnerability in WatchGuard Fireware
CVE-2017-14616

7.5HIGH

Key Information:

Vendor: Watchguard
Status: Fireware
Vendor: CVE Published:; 20 September 2017

What is CVE-2017-14616?

A Denial of Service vulnerability exists in WatchGuard Fireware prior to version 12.0, where an empty member element in an XML message sent to the XML-RPC interface can cause the wgagent to crash. This results in the immediate logout of any active users and disrupts the UI management of the device, making it impossible to manage the device effectively. Continuous failed login attempts exacerbate the issue, leading to a complete denial of access.

References

http://www.securityfocus.com/archive/1/540427

x_refsource_MISC

https://www.sidertia.com/Home/Community/Blog/2017/09/18/F...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2017
Vulnerability Reserved
Sep 20, 2017

Watchguard

What is CVE-2017-14616?

References

CVSS V3.1

Timeline